automation: created ansible roles

README.md

@@ -0,0 +1,3 @@
+# Homelab repo
+
+This is the repository for all my automations and notes for my homelab, more details soon, for now you can check more about the ansible playbooks in their respective readme

ansible/README.md

@@ -0,0 +1,41 @@
+# Ansible
+Ansible roles for managing my proxmox servers, as I use personally for my homelab, if you want to use by yourself some changes will be needed, I'll try to write to make the process easier but maybe I will leave some gaps.
+
+## For new servers
+Please, configure a user with ssh access, I prefeer using ssh keys but you can use password aswell, just configure the variabel in ./inventory folder. In this case we're using 'luigi' for username, because it's my default user in my homelab.
+
+Example with asking password:
+```shell 
+ansible proxmox -i ./inventory/proxmox.yml -m ping --ask-pass --ask-become-pass
+```
+
+I created the *newserver* role for when a empty linux is running, I run ubuntu 22.04 so I consideer only this distro supported for now. This role has following tags
+- sshkey
+- nosudopwd
+- updatesystem
+
+**WARNING THIS ROLE CAN REBOOT YOUR SERVER**
+
+### SSH *(ssh.yml)*
+This task searches the *id_rsa.pub* file inside the machine that is running the playbook, and add the public key to the remote servers defined in inventory, uses *ansible_user* as variable, maybe you want to change to another variable.
+
+### Update system packages *(update.yml)*
+Update cache and repo for apt repositories in the system, reboot the server if is needed.
+
+### Disable sudo password *(nosudopwd.yml)*
+**NOT RECOMMENDED FOR CORPORATE OR INTERNET EXPOSED SERVERS**
+Disable sudo password prompt when using the command, as my servers are not exposed I disable this for automations purposes
+
+## Docker Server
+This role has the purpose to setup my docker server infrastructure, I've choosen to switch from k8s to portainer & gitops for orchrestration. So we're using [Portainer Community Edition](https://docs.portainer.io/start/install-ce)
+### Prequisites
+For using this role, please install beforehand [ansible-docker-role from geergling guy](https://github.com/geerlingguy/ansible-role-docker), and [pip role](https://github.com/geerlingguy/ansible-role-pip) so we can manage docker containers with ansible: 
+
+```shell
+ansible-galaxy install geerlingguy.pip
+ansible-galaxy install geerlingguy.docker
+```
+
+### Portainer
+The role will install Docker + Portainer, we recommend using the role in **root** user as recommended in [portainer documentation](https://docs.portainer.io/start/install-ce/server/docker/linux#introduction).
+After running the playbook, access your portainer instance using *yourhostname.tld:9443*

ansible/dockerserver.yml

@@ -0,0 +1,4 @@
+- hosts: docker
+  tasks:
+    - import_role:
+        name: docker

ansible/inventory/proxmox.yml

@@ -0,0 +1,15 @@
+proxmox:
+  hosts:
+    csgo.home:
+    containers.home:
+    vpn.home:
+  vars:
+    ansible_user: luigi
+    ansible_become: true
+
+docker:
+  hosts:
+    containers.home:
+  vars:
+    ansible_user: luigi
+    ansible_become: true

ansible/newserver.yml

@@ -0,0 +1,4 @@
+- hosts: proxmox
+  tasks:
+    - ansible.builtin.import_role:
+        name: newserver

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Install Docker & PIP (For managing container wirh ansible)
+  include_role:
+    name: "{{ item }}"
+  with_items:
+    - geerlingguy.pip
+    - geerlingguy.docker
+  vars:
+    become: true
+    pip_install_packages:
+      - name: docker
+  tags: installdocker
+
+- name: Create volume for portainer
+  community.docker.docker_volume:
+    name: portainer_data
+  tags: installportainer
+
+- name: Create a portainer container
+  community.docker.docker_container:
+      name: portainer
+      image: portainer/portainer-ce:2.18.3
+      state: started
+      volumes:
+        - portainer_data:/data
+        - /var/run/docker.sock:/var/run/docker.sock
+      ports: 
+        - "8000:8000"
+        - "9443:9443"
+      restart_policy: "always"
+  tags: installportainer

ansible/roles/newserver/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

ansible/roles/newserver/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+# tasks file for newserver
+- name: SSH key task
+  include_tasks: ssh.yml
+  vars:
+    become: true
+  tags: sshkey
+
+- name: No sudo password
+  include_tasks: nosudopwd.yml
+  vars:
+    become: true
+  tags: nosudopwd
+
+- name: Update System
+  include_tasks: update.yml
+  vars:
+    become: true
+  tags: updatesystem

ansible/roles/newserver/tasks/nosudopwd.yml

@@ -0,0 +1,7 @@
+- name: Set paswordless sudo
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: 'visudo -cf %s'

ansible/roles/newserver/tasks/ssh.yml

@@ -0,0 +1,11 @@
+  - name: Create .ssh directory for {{ ansible_user }}
+    file:
+      path: "/home/{{ ansible_user }}/.ssh"
+      state: directory
+      mode: '0700'
+
+  - name: Add public key to authorized_keys file
+    authorized_key:
+      user: "{{ ansible_user }}"
+      state: present
+      key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

ansible/roles/newserver/tasks/update.yml

@@ -0,0 +1,27 @@
+---
+  - name: Update apt cache and repo
+    apt:
+      update_cache: yes
+      force_apt_get: yes
+      cache_valid_time: 3600
+
+  - name: Upgrade packages
+    apt:
+      upgrade: dist
+      force_apt_get: yes
+
+  - name: Check if a reboot is needed
+    register: reboot_needed
+    stat:
+      path: /var/run/reboot-required
+      get_md5: no
+
+  - name: Reboot the server if kernel updated
+    reboot:
+      msg: "Reboot initiated by Ansible for OS updates"
+      connect_timeout: 5
+      reboot_timeout: 300
+      pre_reboot_delay: 0
+      post_reboot_delay: 30
+      test_command: uptime
+    when: reboot_needed.stat.exists